Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-31083

Published: 05/04/2024 Updated: 01/05/2024

Vulnerability Summary

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated malicious user to execute arbitrary code on the system by sending a specially crafted request.

Vulnerability Trend

Vendor Advisories

Amazon Linux 2: ALAS-2024-2510
A heap-based buffer over-read vulnerability was found in the Xorg server's ProcXIGetSelectedEvents() function This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness This vulnerability could be exploit ...
Amazon Linux 2: ALAS-2024-2511
A heap-based buffer over-read vulnerability was found in the Xorg server's ProcXIGetSelectedEvents() function This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness This vulnerability could be exploit ...
Amazon Linux AMI: ALAS-2024-1928
The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted ...
Amazon Linux AMI: ALAS-2024-1927
The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted ...

Mailing Lists

Full Disclosure: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Fwd: XOrg Security Advisory: Issues in XOrg X server prior to 21112 and Xwayland prior to 2325 <!--X-Subject-Header-End- ...
Full Disclosure: Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Fwd: XOrg Security Advisory: Issues in XOrg X server prior to 21112 and Xwayland prior to 2325 <!--X-Subject-Header- ...

References

CWE-416https://access.redhat.com/security/cve/CVE-2024-31083https://bugzilla.redhat.com/show_bug.cgi?id=2272000https://access.redhat.com/errata/RHSA-2024:1785https://lists.debian.org/debian-lts-announce/2024/04/msg00009.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/https://access.redhat.com/errata/RHSA-2024:2036https://access.redhat.com/errata/RHSA-2024:2037https://access.redhat.com/errata/RHSA-2024:2038https://access.redhat.com/errata/RHSA-2024:2039https://access.redhat.com/errata/RHSA-2024:2040https://access.redhat.com/errata/RHSA-2024:2041https://access.redhat.com/errata/RHSA-2024:2042https://access.redhat.com/errata/RHSA-2024:2080https://access.redhat.com/errata/RHSA-2024:2616http://www.openwall.com/lists/oss-security/2024/04/03/13http://www.openwall.com/lists/oss-security/2024/04/12/10https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2510.htmlhttps://www.zerodayinitiative.com/advisories/ZDI-24-407/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook